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(54) Method and system for digital information protection 



(57) A digital information protection scheme using an 
improved security protocol. In a system in which a user 
makes an access to a digrtal information provided by an 
Information center (1 ) by connecting a computer card (3) 
owned by the user to an Information terminal device (2) 
connected with the information center (1 ), a work key for 
encrypting a desired digital information Is delivered from 
the information center (1) to the computer card (3) 
through the information terminal device (2), and the work 
key is registered in the computer card (3); the desired 

FIG.l 



digital information encrypted by the work key is delivered 
from the information center (1) to the information termi- 
nal devrce (2); and an encrypted digital information deliv- 
ered from the information center (1) is decrypted at the 
information terminal device (2) by using the work key reg- 
istered in the computer card (3). and a decrypted digital 
infonnation is provided to the user at the information ter- 
minal device (2). 
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Description 

BACKGROUND OF THE INVENTION 

Field of the invention 

The present invention relates to a digital information 
protection scheme for preventing illegal duplications of 
digital information such as digital audio information, dig- 
ital visual information, digital computer program informa- 
tion, etc. 

Description of the Background Art 

In recent years, due to the advance of the high speed 
digital communication techniques such as ISDN and dig- 
ital information compression technique for speeches, 
dynamic images, still pictures, etc. (indudng MPEG 
(Moving Picture Experts Group) and JPEG (Joint Photo- 
graphic coding Experts Group), it has become possiiale 
to deliver the writings such as music, video, pictures, 
books, etc. to each user terminal from an information 
center through a communication channel, by converting 
them into digital information, and compressing and 
encoding the digital information. 

In this regard, there are known examples of a deliv- 
ery service utilizing a personal computer communica- 
tion, etc. for a conrputer software which requires smaller 
amount of data compared with the digital information 
such as video. However, this conventional software deliv- 
ery service utilizing a personal computer communica- 
tion, etc.. does not encrypt the software to be delivered, 
so that there has been a problem that it provides an envi- 
ronment in which an illegal copying of the software is eas- 
ier compared with a usual software sale system using a 
package such as a f toppy disk. 

On the other hand, there is a computer software sale 
system using a CD-ROM that has recently been prac- 
ticed in the U.S.A.. in which a CD-ROM containing an 
encrypted main software and a non-encrypted software 
for demonstration is sold and distributed at tow price, and 
when a user is satisfied with the trial on the software for 
demonstration, the user orders a purchase of the main 
software to a service center via the telephone, etc., in 
response to which the decryption key is notified to the 
user such that the user can use the encrypted main soft- 
ware on the purchased CD-ROM by decrypting it using 
the notified decryption key. 

However, this computer software sale system using 
a CD-ROM also has problems in that it requires a human 
action in acquiring the decryption key from the service 
center via the telephone, etc, and that a privacy of the 
user cannot be protected. Moreover, because of the 
involvement of the human action, there is a possibility for 
the illegal copying induced by the unlawful conduct such 
as the illegal disposition of the deayption key. 



SUMMARY OF THE INVENTION 

It is therefore an object of the present invention to 
provide a digital information protection scheme in which 

5 the leakage of the digital information to the third party 
can be protected and the illegal copying of the digital 
information is difficult even for a legitimate user. 

According to one aspect of the present invention 
there is provided a method for digital information protec- 
10 tion in a system in which a user makes an access to a 
digital information provided by an information center, by 
connecting a computer card owned by the user to an 
Information terminal device connected with the informa- 
tion center, the method comprising the steps of: (a) car- 

75 tying out a mutual authentication between the computer 
card and the information terminal device; (b) can-ying out 
a user authentication by the conputer card through the 
information terminal device; (c) sending an information 
request specifying the desired digital information of the 

20 user from the information terminal device to the informa- 
tion center by signing and encrypting an informatk}n 
identifier for identifying the desired digital information; (d) 
sending the work key for encrypting the desired digital 
information from the information center to the computer 

25 card by a cipher communication using a public key cryp- 
tosystem ; (e) obtaining and registering the work key sent 
from the information center at the computer card, and 
sending a work key receipt signature from the computer 
card to the information center; (f) receiving a work key 

30 request message containing a random nun^er from the 
information terminal device at the computer card, 
encrypting the work key according to the random 
number, and sending an encrypted work key from the 
computer card to the information terminal device; (g) 

35 encrypting the desired digital information specified by the 
information request by using the work key at the informa- 
tion center, and sending the encrypted digital information 
from the information center to the information terminal 
device; (h) receiving arKl decrypting the encrypted work 

40 key sent from the computer card so as to obtain the work 
key at tiie information terminal device, receiving and 
decrypting the encrypted digital information sent from 
the information center by using the work key, and provid- 
ing the decrypted digital information to the user at tiie 

45 information terminal device; and (i) sending an 
encrypted information receipt signature from the infor- 
mation terminal device to the information center, and 
recording the information request, the work key recdpt 
signature, and the encrypted information receipt signa- 

50 ture as a ground for charging at tiie information center. 
According to another aspect of the present invention 
tiiere is provided a method for digital information protec- 
tion in a system in which a user makes an access to a 
digital information provkled by an information center, by 

55 connecting a conputer card owned by the user to an 
information terminal device connected with ttie informa- 
tion center, the mettiod comprising the steps of: (a) car- 
rying out a mutual authentication between the computer 
card and the information terminal device; (b) carrying out 
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a user authentication by the computer card through the 
information terminal device; (c) sending an information 
request specifying the desired digital information of the 
user from the information terminal device to the informa- 
tion center by signing and encrypting an information 5 
identifier for identifying the desired digital information; (d) 
encrypting thedesireddigital information specified by the 
information request by using the work key at the informa- 
tion center, and sending the encrypted digital information 
from the information center to the information terminal w 
device and the computer card; (e) receiving and storing 
the encrypted digital information sent from the informa- 
tion center at the information terminal device, and send- 
ing an information receipt signature from the computer 
card to the information center via the information termi- 75 
nal device; (f) delivering the work key for encrypting the 
desired digital information from the information center to 
the conrputer card, and obtaining and registering the 
work key sent from the information center at the compu- 
ter card, while returning a delivery certificate from the 20 
computer card to the information center; (g) receiving a 
work key request message containing a random number 
from the information terminal device at the conputer 
card, encrypting the work key according to the random 
number, and sending an enaypted work key from the 25 
computer card to the information terminal device; (h) 
receiving and decrypting the encrypted work key sent 
from the computer card so as to obtain the work key at 
the infomiation terminal device, decrypting the 
encrypted digital information stored in the information 30 
terminal device by using the work key, and providing the 
decrypted digital information to the user at the informa- 
tion terminal device; and (i) sending an encrypted infor- 
mation receipt signature from the information terminal 
device to the information center, and recording the infer- 35 
mation request the encrypted infonnation receipt signa- 
ture, and the delivery certificate as a ground for charging 
at the information center. 

According to another aspect of the present invention 
there is provided a method for digital information protec- 40 
tion in a system in which a user makes an access to a 
digital information provided by an information center, by 
connecting a computer card owned by the user to an 
infomnation terminal device connected with the informa- 
tion center, the method comprising the steps of: deliver- 45 
ing a work key for encrypting a desired digital information 
from the information center to the computer card through 
the information terminal device, and registering the work 
key in the computer card; delivering the desired digital 
information encrypted by the work key from the Informa- so 
tion center to the information terminal device; and 
decrypting an enaypted digital information delivered 
from the information center at the informatfon terminal 
device by using the work key registered in the conputer 
card, and provkling a decrypted digital information to the 55 
user at the infornriation terminal device. 

According to another aspect of the present invention 
there is provided a digital information protection system, 
comprising: an information center for providing a digital 



information; an information terminal device connected 
with tile information center; and a computer card owned 
by a user, such that the user makes an access to tfie 
digital information provided by the information center by 
connecting the computer card to the infonmation terminal 
device; wherein the information center, the information 
terminal device, and tfie conputer card are adapted to: 
deliver a work key for encrypting a desired digital infor- 
mation from the information center to the computer card 
through the information terminal device, and register the 
work key in the computer card; deliver the desired digital 
information encrypted by the work key from the informa- 
tion center to the information terminal device; and 
decrypt an encrypted digital information delivered from 
the information center at the irTformation terminal device 
by using the work key registered in the conputer card, 
and provide a decrypted digital information to tiie user 
at the information terminal device. 

According to anotiner aspect of tfie present invention 
tiiere is provided an information center for a digital infor- 
mation protectfon system in which a user makes an 
access to a digital information provided by the informa- 
tion center by connecting a conputer card owned by tiie 
user to an information terminal device connected with tiie 
information center, wherein the information center, tiie 
information terminal device, and tiie computer card are 
adapted to: deliver a work key for encrypting a desired 
digital information from the infonnation center to tiie 
computer card through the information terminal device, 
and register tiie work key in the conputer card; deliver 
tfie desired digitai information encrypted by tiie work key 
from tiie information center to the information terminal 
device; and decrypt an encrypted digital information 
delivered from the information center at the information 
terminal device by using the work key registered in tiie 
computer card, and provide a decrypted digital informa- 
tion to the user at the information terminal device; tiie 
information center conprising: information storage 
means for storing tiie digital information; communication 
control means for making a communication witii the infor- 
mation terminal device; key generation means for gen- 
erating the work key; encryption means for encrypting 
tiie digital information by using the work key; public key 
ayptosystem means for encrypting tfie work key in order 
to make a cipher communication of tiie work key; and 
signature conversion means for providing a signature of 
tiie information center. 

According to anotfier aspect of the present invention 
tiiere is provided an information terminal device for a dig- 
ital information protection system in which a user makes 
an access to a digital information provkJed by an infor- 
mation center by connecting a computer card owned by 
the user to tfie information terminal device connected 
with ttie information center, wherein the information 
center, the information terminal device, and the conpu- 
ter card are adapted to: deliver a work key for encrypting 
a desired digital information from tiie information center 
to tfie computer card tfirough tfie information terminal 
device, and register the work key in tfie computer card; 
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deliver the desired digital information encrypted by the 
work key from the information center to the information 
terminal device; and deaypt an encrypted digital infor- 
mation delivered from the information center at the infor- 
mation terminal device by using the work key registered 5 
in the computer card, and provide a decrypted digital 
information to the user at the information terminal device; 
the information terminal device comprising; first commu- 
nication control means for making a communication with 
the information center; second communication control w 
means for making a communication witii the computer 
card; information storage means for storing tiie digital 
information; public cryptosystem means for encrypting 
the work key in order to make a cipher communication 
of the work key; signatijre conversion means for provid- 75 
ing a signature of the information terminal device; ran- 
dom number generation means lor generating a random 
number; matching means for matching tiie random 
number generated by the random number generation 
means with a random number received from the compu- 20 
ter card; secret key storage means for storing a secret 
key of tiie information terminal device; deayption means 
for decrypting an encrypted work key and an encrypted 
digital information; and secrecy protection means for 
physically protecting a secrecy of tiie random number 25 
generation means, the matching means, the secret key 
storage means, and the decryption means. 

According to another aspect of the present invention 
there is provided a computer card for a digrtal information 
protecton system in which a user makes an access to a 30 
digital information provided by an information center by 
connecting the conputer card owned by the user to an 
information terminal device connected with the infomia- 
tion center, wherein the information center, the informa- 
tion terminal device, and tiie computer card are adapted 35 
to: deliver a work key for encrypting a desired digital infor- 
matfon from the information center to tfie computer card 
through the information terminal device, and register the 
work key in the conputer card; deliver the desired digrtal 
information encrypted by tiie work key from the informa- 40 
tion center to the information terminal device; and 
decrypt an encrypted digital information delivered from 
the information center at the information terminal device 
by using the work key registered in the computer card, 
and provide a decrypted digital information to the user 46 
at tfie information terminal device; the computer card 
comprising: communication control means for making a 
communication with the information terminal device; 
public ayptosystem means for encrypting the work key 
in order to make a cipher communication of the work key; so 
signature conversion means for providing a signature of 
the computer card ; and work key storage means for stor- 
ing tiie work key. 

Other features and advantages of the present inven- 
tion will become apparent from tfie following description ss 
taken in conjunction witfi the accompanying drawings. 



BRIEF DESCRIPTION OF THE DRAWINGS 

Rg. 1 is a schematic blockdiagram of an overall con- 
figuration for tiie first and second embodiments of a dig- 
ital information protection system according to tiie 
present invention. 

Rg. 2 is a block diagram of an internal configuration 
of an information center in the digital information protec- 
tion of Fig. 1. 

Rg. 3 is a block diagram of an internal configuration 
of an infomriatlon terminal device In tiiedlgital information 
protection of Fig. 1. 

Rg. 4 is a block diagrm of an internal configuration 
of a computer card in tiie digital information protection of 
Fig. 1. 

Rg. 5 is a diagrammatic illustration showing a pro- 
cedure for a mutual authentication between the informa- 
tion terminal device and tiie computer card in tiie digrtal 
information protection of Rg. 1. 

Rg. 6 is a diagrammatic illustration showing a pro- 
cedure for a user autiientication in the digrtal information 
protection of Fig. 1 . 

Rg. 7 is a diagrammatic illustration showing a pro- 
cedure for a user's selection in the digrtal information pro- 
tection of Fig. 1 . 

Rg. 8 is a diagrammatic illustration showing a pro- 
cedure for an information request in the digital informa- 
tion protection of Rg. 1. 

Rg. 9 is a diagrammatic illusti^ation showing a pro- 
cedure for a key delivery and a key receipt signing in tiie 
digital information protection of Fig. 1 according to tiie 
first embodiment. 

Rg. 10 is a diagrammatic illusti-ation showing a pro- 
cedure for a work key WK request in tiie digrtal informa- 
tion protection of Rg. 1 according to tiie first 
embodiment 

Rg. 11 is a diagrammatic illustration showing a pro- 
cedure for an information delivery and an information uti- 
lization in the digrtal information protection of Fig. 1 
according to the first enrtoodiment. 

Rg. 12 is a diagrammatic illusti'ation showing a pro- 
cedure for an information delivery and storage and an 
information center authentication in the digital informa- 
tion protection of Fig. 1 according to tfie second embod- 
iment. 

Rg. 13 is a diagrammatic illustration showing a pro- 
cedure for a signing and a delivery certification prepara- 
tion in the digital information protection of Fig. 1 
according to the second enrbodiment. 

Rg. 14 Is a diagramnr^tic illustration showing a pro- 
cedure for a key delivery and a delivery certifkation in 
tiie digital infomnation protection of Fig. 1 according to 
tiie second embodiment. 

Rg. 15 is a diagrammatic Illustration showing a pro- 
cedure for an infbrmatkjn utilization in the digrtal informa- 
tion protection of Rg. 1 according to tiie second 
embodiment when an information to be utilized is stored 
in the information tenminal device. 
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Fig. 16 is a diagrammatic illustration showing a pro- 
cedure for an information utilization in the digital informa- 
tion protection of Fig. 1 according to the secorKl 
embodiment when an information to be utilized is not 
stored in the information terminal device. 



DETAILED DESCRIPTION OF THE PREFERRFn 
EMBODIMENTS 



Referring now to Rg. 1 to Fig. 1 1, the first embodi- io 
ment of the digital infomiation protection system accord- 
ing to the present invention will be described in detail. 

In this first embodiment, the digital information pro- 
tection system has an overall configuration as shown in 
Fig. 1 . which comprises an information center 1 , an infor- is 
mation terminal device 2 connected with the information 
center 1 , and a computer card 3 to be connected to the 
information terminal device 2. In addition, there is also 
provided a certificate authority 4 which will be necessary 
only in a preliminary stage at a time of utilizing the public 2o 
key CTyptosystem as will be described below. 

The Information center 1 stores a large number of 
digital information supplied from information providers, 
and manages tiiem in a manner of a database. 

The information terminal device 2 is equipped with 2S 
an image display device, a speech output device, etc. 
necessary in utilizing the digital information, and pro- 
vided at a home of each user. The information center 1 
and the information terminal device 2 are connected 
through a communication network such tiiat they can so 
communicate with each ottier through tiie communica- 
tion network. 

The computer card 3 is to be detachaWy connected 
to the information terminal device 2, and capable of inter- 
nally storing data indicating a trade content regarding ss 
which information has been purchased. This conputer 
card 3 is owned by each user, and each user can utilizes 
the purchased digital information (such as video, music, 
etc.) by sending it from the information center 1 to the 
information terminal device 2 by connecting this compu- 4o 
ter card 3 to the information terminal device 2. 

The information center 1 has an internal configura- 
tion as shown in Rg. 2. which includes: an information 
input unit 1 1 for entering an information to be utilized; an 
infomiation storage unit 12 for storing the information to 45 
be utilized; an information encryption unit 13 for encrypt- 
ing the information to be utilized; a WK generation unit 
1 4 for generating a work key WK to be used at a time of 
encrypting the infomiation to be utilized; a public conver- 
sion unit 15 for encrypting ttie work key WK; a signature so 
conversion unit 16 for converting a signature to indicate 
that tiie encrypted work key WK belongs to the infomia- 
tion center 1 ; a memory 1 7 for storing a public key of the 
infomiation center 1 . a certificate of the public key issued 
by the certificate authority 4. intermediate results of com- ss 
putations. etc.; a CPU 18 for controlling the infomiation 
center 1 as a whole and executing the hash algorithm; a 
public key verification unit 19 for verifying the public key 



of the computer card 3. etc.; and a network input/output 
unit 20 for carrying out exchanges with the network. 

The information terminal device has an internal con- 
figuration as shown in Fig. 3. which includes: a card 
input/output unit 21 for can*ying out exchanges witfi ttie 
computer card 3; a decryption key extraction unit 22 for 
carrying out tfie decryption of the public key ayptosys- 
tem; an information deayption unit 23 for carrying out 
the decryption of tiie information to be utilized; an infor- 
mation output unit 24 for outputting the decrypted infor- 
mation; an image display device 25a; a speech output 
device 25b; a secret protection mechanism 26 for phys- 
ically protecting the secrecy of ttie decryption key extrac- 
tion unit 22. the information decryption unit 23. and the 
information output unit 24; an information storage unit 27 
for storing tfie information to be utilized in an enaypted 
state; a network input/output unit 28 for carrying out 
exchanges with the network; a memory 29 for storing a 
public key of the information terminal device 2, tiie cer- 
tificate of tfie public key issued by the certificate authority 
4, intermediate results of computations, etc; a CPU 30 
for controlling tfie information terminal device 2 as a 
whole and executing the random number generation and 
tile hash algorithm. 

The computer card 3 has an internal configuration 
as shown in Rg. 4, which includes: a public key verifica- 
tion device 31 for verifying the public key as a proper one 
according to the certificate issued by the certificate 
authority 4; a public key cryptosystem device 32 for 
applying the encryption and tiie signature conversion; a 
communication device 33 for making a communication 
with tiie information terminal device 2; a password 
matching device 34 for can-ying out tiie password match- 
ing for ttie user autiientication; a decryption key registra- 
tion device 35 for registering tiie decryption key of tiie 
purchased information; a memory 36 for storing a puljlic 
key of ttie computer card 3, tiie certificate of tiie public 
key issued by the certificate authority 4. intermediate 
results of computations, etc.; a CPU 37 for controlling 
the computer card 3 as a whole and executing the ran- 
dom number generation, eta; a voltage monitoring 
device 38 for monitoring a voltage necessary in main- 
taining data such as ttie secr^ key, etc.; and a battery 
39 as a back-up power source. 

This digital information protection system of the first 
embodiment is operated according to the following infor- 
mation utilization protocol based on the digital informa- 
tion protection scheme of the present invention. 

(Preparatory set up> 

In the following, a conversfon for encrypting a mes- 
sage M by a key K to obtain an encrypted message C 
will be denoted as C = EK(M), and a conversion for 
decrypting the encrypted message C to obtain tiie orig- 
inal message M will be denoted as M = DK(C). In partic- 
ular, in a case of utilizing the public key cryptosystem. 
tiie enayption will be denoted as C = EKp(M) and ttie 
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decryption will be denoted as M = DKs(C). The latter can 
also be used as the signature conversion as well. 

The con^puter card 3 registers in advance its identi- 
fier IDu. its public key Kpu. a certificate Xpu of the public 
key Kpu. a public key Kpc of the certificate autiiority 4, s 
and its secret key Ksu, where the secret key Ksu in par- 
ticular is registered into a write only region within the pub- 
lic key cryptosystem device 32 which is a protected area 
that cannot be read out freely The certificate Xpu is 
obtained as Xpu = DKsc{Kpu) when tfie public key Kpu io 
is authenticated by the certificate authority 4. where the 
Ksc is a secret key of the certificate authority 4 which is 
kept in secret at the certificate authority 4, 

Similarly the information terminal device 2 registers 
in advance its identifier IDg, its public key Kps, a certifi- is 
cate Xps of tiie public key Kps, a public key Kpc of the 
certificate authority 4. and its secret key Kss, while the 
information center 1 registers in advance its identifier 
IDm. its public key Kp^, a certifk:ate Xp^ of the public 
key KpM, a public key Kp^ of the certificate authority 20 
center 4, and its secret key Kgw Also, the computer card 
3 registers data (such as a password) for authenticating 
the user in a state that cannot be read out illegally, by 
encrypting it for example. 

25 

(Mutual authentication between the computer card 3 and 
the information terminal device 2) 

First, the mutual authentication between the compu- 
ter card 3 and the information terminal device 2 is carried 30 
out according to the procedure shown in Fig. 5 as follows. 

When tiie computer card 3 is connected to the infor- 
matwn terminal device 3 by being inserted therein, the 
random number R, the public key Kps of the information 
terminal device 2 and its certificate Xps, and the identifier 35 
IDs of ttie information terminal device 2 are sent from tiie 
information terminal device 2 to the computer card 3. 

Then, tiie computer card 3 judges whether the public 
key Kps of the information terminal device 2 is a proper 
one or not by certifying that the public key Kps of the 40 
information terminal device 2 and its certificate Xps are 
consistent, by utilizing the public key KpQ of the certifi- 
cate authority 4 registered therein. When it is judged as 
a proper one, the signature encryption conversion is 
applied to the random number R sent from tiie informa- 45 
tion terminal device 2. and T = EKps{DKsu{R)) or 
DK5(j(EKps(R)), the public key Kpu of tiie conputer card 
3 and its certificate Xpy. and the Identifier I Dy of tiie com- 
puter card 3 are sent from the computer card 3 to the 
information terminal device 2. 50 

The information terminal device 2 certifies that the 
public key Kpy of tiie conputer card 3 is a proper one by 
utilizing the public key Kpc of tiie certificate authority 4 
registered ttierein, and ttien judges whetiier the con- 
nected computer card 3 is correctly ttiat of tiie identifier 55 
IDu or not by certifying whetiier T sent from the computer 
card 3 is consistent witii R sent to ttie computer card 3. 



Here, when this certification fails (i. e.. a result is NG) , 
tiie information terminal device 2 indicates an en-or and 
ejects tiie computer card 3. 

(User authentication) 

Next, the user authentication is carried out accord- 
ing to the procedure shown in Fig, 6 as follows. 

The user enters a password Pswd into the informa- 
tion terminal device 2, and the information terminal 
6&/\ce 2 sends the entered password Pswd to the com- 
puter card 3 to judge whetiier the entered password 
Pswd is a correct one coinciding with the password reg- 
istered in the conputer card 3 in advance. When the 
entered password Pswd is a correct one, it is judged that 
tiie user is a proper user, and a menu data is displayed 
to the user. 

In tiiis procedure, the password input errors are 
allowed for a prescribed number of times, such as three 
times, and when the password input was tried three times 
unsuccessfully, the error processing to indicate an error 
and eject the computer card 3 is carried out as there is 
a possibility for this user to be an improper user. In addi- 
tion, when this error processing caused by three unsuc- 
cessful trials is repeated for a prescribed number of 
times, such as five times, tiiis user is judged as an 
inproper user and the conputer card 3 is invalidated. 

Here, it is also possible to use different user autfien- 
tication schemes. For example, it is possible to use a 
scheme in which tiie predetennined password is 
encrypted and stored in tiie computer card 3, and 
whether an encrypted result of tiie character string 
entered at the information terminal device 2 coincides 
witti the stored encrypted password or not is checked, or 
whether the character string entered at the information 
terminal device 2 coincides with a decryption result of 
tiie stored encrypted password or not is checked. 

It Is also possible to use a scheme in which the pre- 
determined password is stored in the conputer card 3 
eitiier in an encrypted state or in a non-encrypted state, 
tiie character string entered at tiie information terminal 
dewce 2 is communicated from the information terminal 
device 2 to the computer card 3 by means of the cipher 
communication, whetiier the communicated character 
string coincides with the stored one or not is checked at 
tiie computer card 3. a parity of a random number gen- 
erated according to whether the communicated charac- 
ter string coincides with tiie stored one or not is adjusted 
in ttie known manner, and this random number is com- 
municated from the computer card 3 to the information 
terminal device 2 by means of the cipher communication. 

It is also possible to use a scheme in which the pre- 
determined password is stored in the computer card 3 
either in an encrypted state or in a non-encrypted state, 
a sum or an exclusive OR of tiie character string entered 
at tiie infbmiation terminal device 2 and a random 
number generated at the information terminal device 2 
is calculated, this calculation result is communication 
from the information terminal device 2 to ttie computer 



EP 0 715 242 A1 



12 



card 3 by means of the cipher communication, a differ- 
ence or an exclusive OR of the communicated calcula- 
tion result and the password registered in advance is 
calculated at the computer card 3 and an obtained value 
is returned from the computer card 3 to the information 5 
terminal device 2. and whether the returned value coin- 
cides with the generated random number or not is 
checked at the information terminal device 2. 



(User's selection) 



10 



Next, the user's selection is carried out according to 
the procedure shown in Fig. 7 as follows. 

Namely, the user selects the desired information 
from the menu data displayed by the information terminal is 
device 2. 

{Information request 

Next, the information request is carried out accord- 20 
ing to the procedure shown in Fig. 8 as follows. 

The information terminal device 2 sends a set RKX 
including tiie information identifier Req for the informa- 
tion selected by the user (which can be given by an Inter- 
nationally valid code such as an international recording 2s 
code ISRC for the music information, or an identification 
number assigned by the information provider that can 
uniquely identify the information, etc.). and the public key 
KpM of the information center 1 and its certificate Xp^. 
to the computer card 3. ' 3^ 

Then, the computer card 3 certifies that the putrfic 
key Kp^^^f the information center 1 and its certificate Xp^ 
are consistent by using the public key Kp^ of the certifi- 
cate authority 4 registered therein, signs Req. and 
obtains RQS ^ DKsu(Req). Then, the computer card 3 35 
encrypts this RQS by the public key Kp^ of the informa- 
tion center 1 to obtain Ry = EKpm(RQS). and sends this 
Ru to the information terminal device 2. 

When Ru is received, the information terminal 
device 2 sends tiiis Ry along with the public key Kpu of 40 
the computer card 3 and its certificate Xpg to the infor- 
mation center 1, Then, the information center 1 certifies 
that the public key Kpy of the computer card 3 and its 
certif fcate Xpy tiiat are sent from tiie information terminal 
device 2 are consistent, and obtains RQS = DKsm(Ru). ^5 
Then, the information center 1 obtains Req = 
EKpu{RQS), and retrieves the information specified by 
the obtained Req. 

(Key delivery and key receipt signing) 50 

Next, the key delivery and the key receipt signing are 
earned out according to the procedure shown in Fig. 9 
as follows. 

The infonnation center 1 generates the work key WK 55 
for encrypting the information to be utilized, encrypts this 
work key WK by the public key Kpu of the computer card 
3. signs Ck = EKpu(WK), and sends this Ck along with 



SKm = DKsm(Ck) to the conputer card 3 via the informa- 
tion terminal device 2. 

Then, tiie computer card 3 verifies whether the sig- 
nature is correct or not. obtains the work key WK by 
decrypting Ck. and sends Su = DKsu(SKm) to the infor- 
mation center 1 via the information terminal device 2 as 
a receipt signature for the work key WK. Meanwhile, tfie 
obtained work key WK is stored in the conputer card 3 
along with tiie information identifier Req in a state that 
cannot be read out illegally by encrypting it for example. 

(Work key WK request) • 

Next, the work key WK request is carried out accord- 
ing to the procedure shown in Fig. 10 as follows. 

Namely, after the information terminal device 2 sent 
Su to tiie information center 1 . the information terminal 
device 2 sends a WK request message ReqW containing 
a random number r to the computer card 3. 

(Information delivery and information utilization) 

Next, the information delivery and the information 
utilization are carried out according to tiie procedure 
shown in Rg. 11 as follows. 

The corrputer card 3 concatenates tiie random 
number r contained in the WK request message ReqW 
and the work key WK. encrypts them by the public key 
Kps of the infonnation terminal device 2. and sends tiie 
resulting V = EKps(WK, r) to the information terminal 
device 2. 

Then, at the information terminal device 2. after V is 
decrypted by using the seaet key Kgs of the information 
terminal device 2. whether the random number r coin- 
cides with that contained in the WK request message 
ReqW or not is checked, and the work key WK is set. 

On tiie otiier hand, when tiie work key receipt sig- 
nature Sg is received, the information center 1 divides 
the information I into processing units, encrypts each 
processing unit of this information I by the work key WK. 
applies a hash function hQ to C = EWK(I), signs tiiis h(C). 
and sends C and Sl^ = DKsM(h(C)) to the information 
terminal device 2. Then, the information terminal device 
2 verifies that tiiis signature is con-ect. and decrypts tiie 
encrypted information C. 

Here, the secrecy is physically maintained from a 
device for decrypting by using tiie secret key Kss to a 
device for decrypting by using the work key WK. To this 
end. this section, i.e.. the secret protection mechanism 
26 of tiie information terminal device 2 shown in Fig, 3. 
can be set in a safe box and sealed, or it is possible to 
adopt a scheme disclosed in R. Mori and M. Kawahara: 
"Superdisb-ibution: The concept and the Architecture", 
Trans. lEICE. Vol. E73, No. 7. pp. 1 133-1 146. July 1990. 

When C is decrypted, a signature of tiie information 
temiinal device 2 is attached to it. and ACK = DKss(h(C)) 
is returned to the information center 1. Then, the infor- 
mation center 1 certifies that ACK is a proper one. and 
records Ry. Sy, and ACK as a ground for charging. The 
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information center 1 then continues the processing for 
the next processing unit after the return of ACK is con- 
firmed. 

As described, according to this first embodiment, the 
encrypted information itself and the decryption key are s 
separated while the decryption key is safely stored within 
the computer card 3. As a result, the information will not 
be leaked to the third party because the information is 
delivered in an enaypted state, and the illegal copying 
will be difficult because the deayption key is confined io 
within the computer card 3 and it is difficult even for the 
legitimate user to learn the decryption key while the 
decryption of the information and the decryption of the 
work key WK are carried out at devices which are phys- 
ically sealed within the information terminal device 2. is 

Consequently, it Is possible to construct a system 
that can be utilized by the information provider without 
any anxiety. In addition, there is ho disadvantage from 
the user's standpoint, and the desired information can 
he utilized by making an access to the information center 20 
even when it is not available at the information terminal 
device located nearby, so that there is an advantage that 
the information becomes available from any information 
terminal device. 

Referring now to Fig. 12 to Rg. 16. the second 25 
embodiment of the digital information protection system 
according to the present invention will be described in 
detail. 

In this second embodiment, the digital information 
protectfon system has an overall configuration similar to so 
that of the first embodiment shown in Fig. 1 . In this sec- 
ond embodiment, the information center 1 has an inter- 
nal configuration similar to that shown in Rg. 2 described 
above except that tiie CPU 1 8 also executes an informa- 
tion conversion for the delivery certification. Also, the 35 
information terminal device 2 has an internal configura- 
tion substantially similarto tiiat shown in Rg. 3 described 
above. Also, tiie computer card 3 has an internal config- 
uration similar to that shown in Rg. 4 described above 
except that the CPU 37 also executes an information 40 
conversion for the delivery certrfication. 

This digital information protection system of the sec- 
ond embodiment is operated according to the following 
information utilization protocol based on the digital infor- 
mation protection scheme of the present invention. 45 

(Preparatory set up) 

In tiiis second embodiment, the computer card 3 
registers in advance its identifier 10^. its public key Kpy, so 
a certificate Xpy of the public key Kpy. a public key Kpc 
of the certificate authority 4, its secret key Kqu, a secret 
information S. and a public information n*. where the 
secret key Ksu and the secret information S in particular 
are registered into a write only region within the public ss 
key cryptosystem device 32 wtiich is a protected area 
that cannot be read out freely. Here. ID^, S. and n' have 
a relationship of IDj = S2 nxxj n', and n* is a product of 



two large prime numbers which has a size of several hun- 
dred bits. 

TTie rest of the preparatory set up is substantially 
similar to that of the first embodiment described above. 

{Mutual authentication between tiie computer card 3 and 
the Information terminal device 2) 

Rrst, the mutual authentication between the compu- 
ter card 3 and the information terminal device 2 is carried 
out substantially as tiie procedure shown in Fig. 5 
described above. 

{User authentication) 

Next, the user authentication is carried out substan- 
tially as the procedure shown in Fig. 6 described above. 

{User's selection) 

Next, the user's selection is carried out substantially 
as the procedure shown in Fig. 7 described above. 

^Information request) 

Next, the information request is carried out substan- 
tially as the procedure shown in Fig. 8 described above. 

{Information delivery and storage, and information center 
authentication) 

Next, the information delivery and storage and the 
information center authentication are canried out accord- 
ing to the procedure shown in Fig. 12 as follows. 

The information center 1 generates tiie work key WK 
for encrypting the information i to be utilized and 
encrypts this information I to obtain C = EWK(I). and 
stores this encrypted information C in the information 
storage unit 12. Also, in order to indicate that this 
encrypted information C is surely what is sent out from 
the information center 1 , a signature of the information 
center 1 is attached to this encrypted information C. 
Here, the attaching of the signature to the entire 
encrypted information is inefficient, so that the signature 
is attached with respect to h(C) in which the amount of 
C is reduced by the one-way random hash algorithm h 
In a manner of Sl^ = DKsM(h(C)). Then, the information 
center 1 sends C and Sl^ obtained in this manner to tiie 
information terminal device 2. 

Tiie information terminal device 2 then applies tiie 
hash algorithm h to tiie encrypted information C received 
from tiie infonmation center 1 to obtain h(C). and sends 
this h(C) along witti tiie S 1^ received from tiie Information 
center 1 to the computer card 3. 

The computer card 3 then verifies whetiier tiiis sig- 
nature is correct or not by checking whether EKpm(SIm) 
coincides with h(C) by using the public key Kp^ of tiie 
information center 1, and registers tiie information kien- 
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tifier Req. and the encrypted identifier IDg of the infor- 
mation terminal device 2. 

(Signing and delivery certification preparation) 

Next, the signing and the delivery certification prep- 
aration are earned out according to the procedure shown 
in Rg. 13 as follows. 

The computer card 3 signs the hashed and 
encrypted information h(C) by using the secret key Ksu 
of the computer card 3 in order to notify the information 
center 1 that the encrypted Information C has been 
stored in the information terminal device 2 in a manner 
of Sy = DKQu(h(C)), and sends this Sy to the information 
center 1 via the information terminal device 2. 

The information center 1 then verifies whether this 
signature Sy is con-ect or not by checking whetiier 
EKpu(Su) coincides with h(C). 

Next, for the purpose of tie delivery certification, ttie 
computer card 3 generates a random number rj {I = 0. 1 . 

' and obtains Xj = IDy" mod n'. and sends XX = 

P^|Xi| |Xt.i) to tile information center 1 via tiie infor- 
mation terminal device 2, where t is a number of bits in 
the work key WK. and a symbol | denotes a concatena- 
tion. 

(Key delivery and delivery certification) 

Next, tiie key delivery and tiie delivery certification 
are earned out according to ttie procedure shown in Fig. 
14 as follows. 

The information center 1 obtains EE = WK || h(XX. 
RQS) from XX. RQS. and WK. where a symbol || denotes 
an exclusive OR for each bit. and ttien divides this EE bit 
by bit and sets each bit as ej (I = 0. 1. t-1). 

Then, the information center 1 sends to the com- 
puter card 3 first. In response, ttie computer card 3 cal- 
culates Y0 = S<^ * mod n' from the received 60. and 
returns ttiis Y0 to tiie information center 1. Here, S is 
defined such that ID,j = S2 mod n' holds. 

When Y0 is received from the computer card 3. tiie 
information center 1 verifies whether » lDu®** • X0 
(mod n*) holds or not. When this relationship holds, tiie 
information center 1 sends ei to the computer cand 3 
next, and carries out tiie verification for Yi in tiie similar 
manner. This operation is repeated for t times, until Y,.i 
is verified. After Y,.i is verified, tiie information center 1 

records Ry. Su. 6;. and Yj (i = 0. 1 , t-1) as tiie ground 

for charging. 

On the other hand, tfie computer card 3 obtains EE 

by concatenating the received ej as EE = (e0|ei| |et. 

i). obtains WK from ttiis EE as WK = EE || h(XX. RQS). 
and registers tiiis WK in correspondence to Req and IDs 

It is to be noted tiiat in the above procedure, a man- 
ner of sending e; brt by bit has been described as a simple 
manner of sending e^ but it is also possible to send some 
number of bits together instead. 



(Information utilization) 

Next, in a case tiie information to be utilized is stored 
in tiie information terminal device 2, tiie information uti- 
5 lization is can-led out according to tiie procedure shown 
in Rg. 15 as follows. 

When tiie user utilizes tiie information, the computer 
card 3 is connected to the information terminal device 2 
and tfiis information terminal device 2 is operated. At tiiis 
10 point, the WK request message ReqW containing a ran- 
dom number r is sent from tfie information terminal 
device 2 to ttie computer card 3. Then, the computer card 
3 concatenates tiie random number r contained in ttie 
WK request message ReqW and tiie work key WK, 
15 encrypts tiiem by tiie public key Kps of the information 
terminal device 2, and sends tiie resufting V = EKps(WK, 
r) to tiie information terminal device 2. 

Then, at the information terminal device 2, after V is 
decrypted by using the secret key Kss of the information 
20 terminal device 2. whether tiie random number r coin- 
ddes with that contained in the WK request message 
ReqW or not is checked, and the work key WK is set. 
Then, the information terminal device 2 decrypts tiie 
encrypted information C stored therein by using tiiis work 
25 key WK to put tiie information in a utilizable state. 

Here, the secrecy is physically maintained from a 
device for decrypting by using ttie seaet key Kss to a 
device for deaypting by using tiie work key WK. To tiiis 
end. this section, i.e.. the secret protection mechanism 
30 26 of tiie information terminal device 2 shown in Fig. 3, 
can be set in a safe box and sealed, or it is possible to 
adopt a scheme disclosed in R. Mori and M. Kawahara: 
"Superdisti-ibution: The concept and tiie Architecture", 
Trans. lEICE. Vol. E73, No. 7. pp. 1133-1146, July 1990. 
55 In tiiis manner, ttie legitimate user can utilize tiie 
information stored in the information terminal device 2 
whenever necessary, as long as the user has the proper 
computer card 3. 

40 (Information utilization in a case the information to be uti- 
lized in not In the information terminal device 2> 

Next, in a case the information to be utilized is not 
stored in the information terminal device 2, the informa- 

45 ton utilization is carried out according to the procedure 
shown in Rg. 16 as follows. 

After the information request is made according to 
tiie procedure of Fig. 8 described above, the computer 
card 3 checks whether that information Identifier Req is 

50 registered therein or not If this information identifier Req 
is registered, the information terminal device identifier 
IDs* corresponding to this information identifier Req is 
sent to the currentiy connected information terminal 
device 2 with the identifier IDs- In response, ttiis informa- 

55 tion terminal device 2 with the kJentifier IDs sends tiie 
information identifier Req to anotfier infomiation terminal 
device 2' with the identifier IDs* to have the encrypted 
information C transferred from this another information 
terminal device 2\ Thereafter, the information utilization 
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according to the procedure shown in Fig. 15 described 
above is carried out with respect to this encrypted infor- 
mation C. 

Alternatively, it is also posstole to use the following 
procedure for utilizing the information while the informa- 5 
tion is transferred. Namely, after Sy is sent out to the 
information center 1 , the information terminal device 2 
sends the WK request message ReqW containing a ran- 
dom number r to the computer card 3. Then, the compu- 
ter card 3 concatenates the random number r contained to 
in the WK request message ReqW and the work key WK, 
encrypts them by the public key Kps of the information 
terminal device 2. and sends the resulting V = EKps(WK, 
r) to the information terminal device 2, 

Then, at the information terminal device 2, after V is is 
decrypted by using the secret key Kss of the information 
terminal device 2, whether the random number r coin- 
cides with that contained in the WK request message 
ReqW or not is checked, and the work key WK is set. 
Then, the information terminal device 2 decrypts the 20 
encrypted information C by using this work key WK to 
put the information in a utilizable state, and returns ACK 
to the computer card 3 in order to indicate that tiie work 
key WK has been received. At this point, it is also possi- 
ble for the information terminal device 2 to store tiie infor- 25 
rtiation while the information is decrypted. 

As described, according to this second embodi- 
ment. In addition to the advantages that the information 
will not be leaked to thethird party and the illegal copying 
will be difficult as in the first embodiment described 30 
above, it also becomes possible to surely and accurately 
charge the information by means of the delivery certifi- 
cation data. 

Consequentiy. it is also possible to construct a sys- 
tem that can be utilized by the information provWer with- 35 
out any anxiety. In addition, tiiere is no disadvantage 
from the user's standpoint, and the desired information 
can be utilized by making an access to the information 
center even when It is not available at the information 
terminal device located nearby, so that tiiere is an advan- 40 
tage that the information becomes availat>ie from any 
information terminal device. 

It is to be noted tiiat the first and second embodi- 
ments described above have been directed to a case of 
utilizing the pii)lic communication channel such as 45 
ISDN, but the present invention is equally applicable to 
a case of using the connection-less channel such as a 
dedicated line. 

It is also to be noted that tiie applk:ability of tiie 
present invention is not limited to the computer software, so 
and extends to all kinds of a digital information delivery 
utilizing the communication of the encrypted digital infor- 
mation. 

It is also to be noted that, besides those already 
mentioned above, many modifications and variations of 55 
the above embodiments may be made without departing 
from tiie novel and advantageous features of tfie present 
invention. Accordingly, all such modifications and varia- 



tions are intended to be included within the scope of tiie 
appended claims. 

Claims 

1 . A method for digital information protection in a sys- 
tem in which a user makes an access to a digital 
information provided by an information center, by 
connecting a computer card owned by tiie user to 
an information terminal device connected with tiie 
information center, the method comprising ttie steps 
of: 

(a) can-ying out a mutual authentication 
between the computer card and the information 
terminal device; 

(b) carrying out a user authentication by ttie 
computer card through the information terminal 
device; 

(c) sending an infamation request specifying 
the desired digital information of the user from 
the information terminal device to the irrforma- 
tfon center by signing and encrypting an infor- 
mation identifier for identifying the desired 
digital information; 

(d) sending the work key for encrypting the 
desired digital information from tiie information 
center to the computer card by a cipher commu- 
nication using a public key cryptosystem; 

(e) obtaining and registering the work key sent 
from the information center at the computer 
card, and sending a work key receipt signature 
from the computer card to the information 
center; 

(f) receiving a work key request message con- 
taining a random number from tiie information 
terminal device at the computer card, encrypt- 
ing tiie work key according to tiie random 
number, and sending an encrypted work key 
from the computer card to the information ter- 
minal device; 

(g) encrypting the desired digital information 
specified by the information request by using 
the work key at the information center, and 
sending the encrypted digital information from 
the information center to tiie information termi- 
nal device; 

(h) receiving and decrypting the encrypted work 
key sent from the computer card so as to obtain 
the work key at the information terminal device, 
receiving and decrypting tiie encrypted digital 
information sent from tiie information center by 
using the work key. and providing the decrypted 
digital information to the user at the information 
terminal device; and 

(i) sending an encrypted information receipt sig- 
nature from the information terminal device to 
the information center, and recording the infor- 
mation request, tfie work key receipt signature. 
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and the encrypted information receipt signature 
as a ground for charging at the information 
center. 

2. The method of claim 1 , wherein at the steps (d) and s 
(e). the information center generates the work key, 
encrypts the work key by a public key of the compu- 
ter card, and sends a generated and encrypted work 
key atong with a signature of the information center 
to the computer card via the information terminal 10 
device, and the computer card verifies whether the 
signature of the information center is correct or not, 
obtains the work key from the generated and 
encrypted work key. sends the work key receipt sig- 
nature to the information center via the information 15 
terminal device, and registers the work key along 
with the information identifier. 

3. The method of claim 1 . wherein at the step (f). the 
information terminal device sends the work key 20 
request message containing the random number to 
the conputer caid, after the work key receipt signa- 
ture is sent from the computer card to the information 
center via the information terminal device. 

25 

4- The method of claim 1 , wherein at the step (f). the 
computer card concatenates and encrypts the work 
key and the random number by using a public key of 
the information terminal device, and sends concate- 
nated and encrypted work key and random number 30 
to the information terminal device, and at the step 
(h), the information terminal device decrypts the 
concatenated and encrypted work key and random 
number, checks whether a deaypted random 
number coincides with the random number con- 35 
tained in the work key request message, and 
decrypts the encrypted digital information sent from 
the information center by using a decrypted work 
key 

5. A method for digital Information protection in a sys- 
tem in which a user makes an access to a digital 
information provided by an information center, by 
connecting a computer card owned by the user to 
an information terminal device connected with the 
information center, the method comprising the steps 
of: 

(a) canying out a mutual autfientication 
between tfie computer card and the information 
terminal device; 

(b) canrying out a user autherrtication by the 
computer card through the information terminal 
device: 

(c) sending an information request specifying 
the desired digital information of the user from 
the infbnnation terminal device to tiie informa- 
tion center by signing and encrypting an infor- 
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mation identifier for identifying the desired 
digital information; 

(d) encrypting the desired digital information 
specified by the information request by using 
the work key at tiie information center, and 
sending the encrypted digital information from 
tiie information center to tiie information termi- 
nal device and the computer card; 

(e) receiving and storing the encrypted digital 
information sent from the information center at 
tiie information terminal device, and sending an 
information receipt signature from tiie computer 
card to tiie information center via tiie informa- 
tion terminal device; 

(f) delivering the work key for encrypting tiie 
desired digital information from the information 
center to tiie computer card, and obtaining and 
registering tiie work key sent from tiie informa- 
tion center at tiie computer card, while returning 
a delivery certificate from the computer card to 
tiie information center; 

(g) receiving a work key request message con- 
taining a random number from tiie information 
terminal device at the computer card, encrypt- 
ing tiie work key according to tiie random 
number, and sending an encrypted work key 
from tiie computer card to tiie information ter- 
minal device; 

(h) receiving and decrypting the encrypted work 
key sent from tiie computer card so as to obtain 
ttie work key at the information terminal device, 
decrypting the encrypted digital information 
stored in tiie information terminal devrce by 
using the work key. and providing tiie decrypted 
digital information to tiie user at the information 
temninai device; and 

(i) sending an encrypted information receipt sig- 
nature from the information terminal device to 
tiie information center, and recording the infor- 
mation request, tiie encrypted information 
receipt signature, and the delivery certificate as 
a ground for charging at the information center. 

6. The method of claim 1 or 5, wherein at tiie step (a), 
the mutijal authentfoation between the computer 
card and the information terminal device is realized 
by sending a random number generated by the infor- 
mation terminal device to tiie computer card, signing 
and encrypting the random number at tiie computer 
card and retuming a signed and encrypted random 
number to the information terminal device, and 
checking whetfier tiie signed arxl encrypted random 
number is consistent with tiie random number at tiie 
information terminal device. 

55 

7. The method of claim 1 or 5, wherein at tiie step (b), 
the user authentication by the computer card is real- 
ized by storing a prescribed password in the compu- 
ter card, checking whether a user input entered at 
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the information terminal device coincides with the 
prescribed password at the computer card, execut- 
ing an error processing when an erroneous user 
input is repeated for a prescribed number of times, 
and invalidating the computer card when the error 
processing is repeated for a predetermined number 
of times. 

8. The method of daim 1 or 5. wherein at the step (b). 
the user authentication by the computer card is real- 
ized by storing a prescribed password in an 
encrypted state in the computer card, and checking 
whether a user input entered at the information ter- 
minal device coincides with the presaibed password 
in a decrypted state at the computer card, a check- 
ing whether a user input entered and encrypted at 
the information terminal device coincides with the 
prescribed password in the encrypted state at the 
computer card. 

9. The method of daim 1 or 5. wherein at the step (b), 
the user authentication by theconputer card is real- 
ized by storing a prescribed password in the compu- 
ter card, sending a user input entered at the 
information terminal device to the conputer card by 
a cipher communication, checking whether the user 
input coincides with the prescribed password at the 
computer card, adjusting a parity of a random 
number generated according to whether the user 
input coincides with the prescribed password at the 
computer card, and sending the random number to 
the information terminal device by a dpher commu- 
nication. 

10. The method of daim 1 or 5. wherein at the step (b), 
the user authentication by the computer card is real- 
ized by storing a prescribed password in the compu- 
ter card, sending a first value indicating a sum or an 
exdusive OR of a user input entered at the informa- 
tion terminal device and a random number gener- 
ated at the infonmation terminal device to the 
conrputer card by a cipher communication, sending 
a second value indicating a difference or an exclu- 
sive OR of the first value and the prescribed pass- 
word at the computer card to the information 
terminal device, and checking whether the second 
value coincides with the random number at the infor- 
mation terminal device. 

1 1 . The method of daim 1 or 5, wherein at the step (c), 
the information terminal device sends the informa- 
tion identifier, a public key of the information center, 
and a certificate for the public key of the information 
center to the computer card, the computer card 
signs and encrypts the information identifier by using 
a secret key of the computer card and the public key 
of the information center and returns a signed and 
encrypted infonmation identifier to the information 
terminal device, and the information terminal device 



sends the signed and encrypted information identi- 
fier along with a public key of the corriputer card and 
a certificate for the public key of the computer card 
to the information center, so as to prevent an 
5 improper access to the information center 

12. The method of claim 5, wherein at the step (c). the 
information. terminal device sends the information 
identifier, a public key of the information center, and 

10 a certificate for the public key of the information 
center to the computer card, the conputer card 
signs the information identifier and encrypts a 
signed infonmation identifier by using a seaet key of 
the computer card and the public key of the informa- 

15 tion center and returns a signed and encrypted infor- 
mation identifier to the information terminal device, 
the information terminal device sends the signed 
and encrypted information identifier along with a 
public key of the computer card and a certificate for 

20 the public key of the computer card to the information 
center, and the information center decrypts the 
signed arxj encrypted information kJentifier to obtain 
the signed information identifier and utilizes the 
signed information iderrtifier in delivering the work 

25 key and obtaining the delivery certificate at the step 
(0. 

1 3- The method of claim 5. wherein at the steps (d) and 
(e), tiie information center generates the work key, 

30 encrypts the desired digital information by the work 
key. and sends the encrypted digital information 
along with a signature in which tiie encrypted digital 
information is compressed and signed to the infor- 
mation terminal device, the information terminal 

35 device stores the encrypted digital Information while 
tiie computer card verifies whether the signature is 
correct or not, and registers the information identifier 
along with an identifier for the information terminal 
device. 

40 

14. The metiiod of claim 5. wherein at the step (e), the 
computer card signs a compressed and encrypted 
digital information to obtain the encrypted informa- 
tion receipt signature, and sends the encrypted 

45 information receipt signature to the information 
center, and the information center verifies tiie 
encrypted information receipt signahjre to confirm 
tiiatthe encrypted digital information has been cor- 
rectiy stored in the information te-minal device and 

so tiie information identifier for tiie encrypted digital 
information has been registered in the computer 
card. 

15, The metiiod of claim 5, wherein at tiie step (f), tiie 
55 delivery certificate certifies that tiie work key has 

been correctiy delivered from tiie information center 
to the computer card. 
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16. The method of claim 5. wherein at the step (g). the 
computer card concatenates and enaypts the work 
key and the random number by using a public key of 
the information terminal device, and sends concate- 
nated and encrypted work key and random number 5 
to the information terminal device, and at the step 
(h). the information terminal device decrypts the 
concatenated and encrypted work key and random 
number, checks whether a decrypted random 
number coincides with the random number con- ,0 
tained in the work key request message, and 
decrypts the encrypted digital information stored in 
the information terminal device by using a decrypted 
work key 



15 

17. The method of claim 5, further comprising the step 
of: 

transferring another encrypted digital infor- 
nrration stored in another information terminal device 
to the information terminal device; and 20 

storing said another encrypted digital infor- 
mation transferred at the transferring step in the 
information terminal device such that said another 
encrypted digital information can be utilized at the 
information terminal device by carrying out the steps 25 
(f) to (i) with respect to said another encrypted digital 
information. 

18- The method of claim 5. further comprising the step 
0^* 30 

transfemng another encrypted digital infor- 
mation stored in another information terminal device 
to the information terminal device; and 

canTing out the steps (0 to (i) with respect to 
said another encrypted digital information trans- 35 
fen-ed at the transfening step. 

19. A method for digital information protection in a sys- 
tem in which a user makes an access to a digital 
information provided by an information center, by 40 
connecting a computer card owned by the user to 
an information terminal device connected witti the 
information center, the method comprising the steps 
of: 

delivering a work key for encrypting a desired 45 
digital information from tiie information center to the 
computer card tiirough the information terminal 
device, and registering the work key in the computer 
card; 

delivering the desired digital information so 
encrypted by tiie work key from the information 
center to the information terminal device; and 

decrypting an encrypted digital information 
delivered from the information center at the informa- 
tion terminal device by using the work key registered 55 
in ttie computer card, and providing a deaypted dig- 
ital informatfon to the user at the information terminal 
device. 



20- The method of claim 1 9, further comprising the steps 
of: 

sending an information request specifying 
tiie desired digital information of the user from \he 
information terminal device to the information 
center; 

sending a work key receipt signature from tiie 
computer card to the information center in response 
to a delivery of the work key; 

sending an encrypted information receipt sig- 
nature from ttie information terminal device to the 
information center in response to a delivery of the 
encrypted digital information; and 

recording the information request, the work 
key receipt signature, and tine encrypted information 
receipt signature as a ground for charging at tiie 
information center. 

21. The method ofclaimi 9, furtiier comprising tile steps 

of: 

sending an information request specifying 
tile desired digital information of the user from tiie 
information terminal device to the information 
center; 

sending an encrypted information receipt sig- 
nature from tiie information terminal device to tiie 
information center in response to a delivery of tiie 
encrypted digital information; 

returning a delivery certificate from ttie com- 
puter card to the inforn^tion center in a course of a 
delivery of the work key; and 

recording the information request, tiie 
encrypted information receipt signature, and the 
delivery certificate as a ground for charging at the 
information center. 

22. A digital informatfon protection system, comprising: 

an information center for providing a digital 
information; 

an information terminal device connected 
witii the information center; and 

a computer card owned by a user, such tiiat 
tiie user makes an access to tiie digital information 
provided by tiie information center by connecting tiie 
computer card to the information terminal device; 

wherein the information center, the informa- 
tion terminal device, and tiie conputer card are 
adapted to: 

deliver a work key for encrypting a desired 
digital information from the information center to the 
computer card through tiie information terminal 
device, and register tiie work key in the computer 
card; 

deliver the desired digital information 
encrypted by tiie work key from the information 
center to tiie information terminal device; and 

decrypt an encrypted digital information 
delivered from tiie information center at ttie informa- 
tion terminal device by using the work key registered 
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in the computer card, and provide a decrypted digital 
information to the user at the information terminal 
device. 

23. The system of claim 22. wherein the information s 
center, the information terminal device, and the com- 
puter card are further adapted to: 

send an information request specifying the 
desired digital information of the user from the infor- 
mation terminal device to the infonmation center; w 

send a work key receipt signature from the 
computer card to the Information center in response 
to a delivery of the work key; 

serxj an encrypted information receipt signa- 
ture from the information terminal device to the infor- 75 
mation center in response to a delivery of the 
encrypted digital information; and 

record the information request, the work key 
receipt signature, and the encrypted information 
receipt signature as a ground for charging at the 20 
information center. 

24. The system of claim 22, wherein the information 
center, the information terminal device, and the com- 
puter card are further adapted to: 25 

send an Information request specifying the 
desired digital information of the user from the infor- 
mation terminal device to the information center; 

send an encrypted infomnation receipt signa- 
ture from the information terminal device to tine Infor- 30 
mation center In response to a delivery of the 
encrypted digital infonmation; 

return a delivery certificate from the compu- 
ter card to the information center in a course of a 
delivery of the work key; and 35 

record tiie information request, the encrypted 
information receipt signature, and tine delivery cer- 
tificate as a ground for charging at the Information 
center. 

40 

25. An information center for a digital information pro- 
tection system In which a user nnakes an access to 
a digital information provided by the information 
center by connecting a computer card owned by the 
user to an information terminal device connected 45 
with tile information center, wherein the information 
center, the information terminal device, and tiie com- 
puter card are adapted to: 

deliver a work key for encrypting a desired 
digital information from the information center to the so 
computer card tiirough the information terminal 
device, and register tiie work key in tfie conrputer 
card; 

deliver the desired digital information 
encrypted by the work key from the information 55 
center to the information terminal device; and 

decrypt an encrypted digital information 
delivered from the information center at the informa- 
tion terminal device by using tJie work key registered 



in the computer card, and provide a decrypted digital 
information to the user at the Information terminal 
device; 

the information center comprising: 

information storage means for storing tine dig- 
ital information; 

communication control means for making a 
communication with the Information terminal device; 

key generation means for generating tiie 
work key; 

enayption means for encrypting the digital 
information by using the work key; 

public key cryptosystem means for encrypt- 
ing the work key in order to make a cipher commu- 
nication of tiie work key; and 

signature conversion means for providing a 
signature of the information center. 

26. The information center of claim 25, further compris- 
ing 

information conversion means for delivering 
the work key to the computer card while receiving a 
delivery certificate from the computer card. 

27. An information terminal device for a digital informa- 
tion protection system In which a user makes an 
access to a digital information provided by an infor- 
mation center by connecting a computer card owned 
by tiie user to the information terminal device con- 
nected with the information center, wherein tine infor- 
mation center, the information terminal device, and 
tiie computer card are adapted to: 

deliver a work key for encrypting a desired 
digital information from tiie information center to the 
conputer card through the information terminal 
device, and register tiie work key in the computer 
card; 

deliver the desired digital Information 
encrypted by tiie work key from the Information 
center to tiie information terminal device; and 

deaypt an encrypted digital information 
delivered from the information center at tiie informa- 
tion terminal device by using the work key registered 
in the computer card, and provide a decrypted digital 
information to the user at tiie information terminal 
device; 

the information terminal device comprising: 

first communication control means for mak- 
ing a communication witti the information center; 

second communication control means for 
making a communication with the computer card; 

information storage means for storing the dig- 
ital information; 

putHlc cryptosystem means for encrypting the 
work key in order to make a cipher communication 
of the work key; signature conversion means for pro- 
viding a signature of tiie Information terminal device; 

random number generation means for gener- 
ating a random number; 
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matching means for matching the random 
number generated by the random number genera- 
tion means with a random number received from the 
computer card; 

secret key storage means for storing a secret 5 
key of the information terminal device; 

decryption means for decrypting an 
encrypted work key and an encrypted digital infor- 
mation; and 

secrecy protection means for physically pro- ro 
tecting a secrecy of the random number generation 
means, the matching means, the secret key storage 
means, and the decryption means. 

28. A computer card for a digital information protection 15 
system in which a user makes an access to a digital 
information provkJed by an infonmation center by 
connecting the computer card owned by the user to 
an information terminal device connected with the 
information center, wherein the information center. 20 
the information terminal device, and the conputer 
card are adapted to: 

deliver a work key for encrypting a desired 
digital information from the information center to the 
computer card through the information terminal 25 
device, and register the work key in the computer 
card; 

deliver the desired digital information 
encrypted by tiie work key from the information 
center to the information terminal device; and 30 

decrypt an enaypted digital information 
delivered from theinformation center at the informa- 
tfon terminal device by using the work key registered 
in the computer card, and provide a decrypted digital 
information to the user at the information terminal 35 
device; 

the computer card comprising: 

communication control means for making a ^' 
communication with the information terminal device; 

putJliccryptosystem means for encrypting the 40 
work key in order to make a cipher communication 
of the work key; 

signature conversion means for providing a 
signature of the conputer card; and 

work key storage means for storing the work 45 

key 

I- The computer card of claim 28, further comprising 
information conversion means for receiving a 
delivery of the work key from the information center so 
while returrtng a delivery certificate to the informa- 
tion center 
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FIG. 15 
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